// gateway is the nginxGatewayBooter whose tmpl field carries the
// consul-template source for the TLS gateway's nginx configuration.
// In the lines visible here, every listen directive uses "ssl", every server
// block uses the same {{SSLCERT}}/{{SSLKEY}} pair, and requests are proxied to
// upstreams on localhost (arv-git-http, keepproxy, keep-web).
//
// NOTE(review): placeholders such as {{GITPORT}} and {{SSLCERT}} are not
// defined in this excerpt; presumably they are substituted or registered
// elsewhere before the template is rendered -- confirm.
// NOTE(review): `{{if keyExists"service/gateway/ports/tlsGit"}}` has no space
// between the function name and its argument as shown here; confirm against
// the real file, since text/template expects a separator after an identifier.
// NOTE(review): `server_name ~^(?<request_host>.*)$` matches any Host value and
// the capture is forwarded as the upstream Host header, so the backends
// receive a client-chosen host name and have to validate it themselves.
// NOTE(review): $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For
// the client sent, so backends should trust only the entry added by this
// proxy, not the whole list.
// NOTE(review): no ssl_protocols/ssl_ciphers directive is visible in this
// excerpt; confirm whether the rendered config pins them or relies on the
// nginx defaults.
11 var gateway = &nginxGatewayBooter{tmpl: `
13 error_log stderr info; # Yes, must be specified here _and_ cmdline
17 access_log {{keyOrDefault "service/gateway/access_log" "/var/log/arvados/gateway.log" | toJSON}} combined;
18 upstream arv-git-http {
19 server localhost:{{GITPORT}};
22 {{if keyExists"service/gateway/ports/tlsGit"}}
23 listen *:{{key "service/gateway/ports/tlsGit"}} ssl default_server;
25 listen *:{{keyOrDefault "service/gateway/ports/tlsGateway" 443}} ssl;
26 server_name git.{{key "service/gateway/domain"}};
27 ssl_certificate {{SSLCERT}};
28 ssl_certificate_key {{SSLKEY}};
30 proxy_pass http://arv-git-http;
34 server localhost:{{KEEPPROXYPORT}};
37 listen *:{{KEEPPROXYSSLPORT}} ssl default_server;
39 ssl_certificate {{SSLCERT}};
40 ssl_certificate_key {{SSLKEY}};
42 proxy_pass http://keepproxy;
46 server localhost:{{KEEPWEBPORT}};
49 listen *:{{KEEPWEBSSLPORT}} ssl default_server;
50 server_name ~^(?<request_host>.*)$;
51 ssl_certificate {{SSLCERT}};
52 ssl_certificate_key {{SSLKEY}};
54 proxy_pass http://keep-web;
55 proxy_set_header Host $request_host:{{KEEPWEBPORT}};
56 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
60 listen *:{{KEEPWEBDLSSLPORT}} ssl default_server;
62 ssl_certificate {{SSLCERT}};
63 ssl_certificate_key {{SSLKEY}};
65 proxy_pass http://keep-web;
66 proxy_set_header Host download:{{KEEPWEBPORT}};
67 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
68 proxy_redirect //download:{{KEEPWEBPORT}}/ https://$host:{{KEEPWEBDLSSLPORT}}/;
72 server localhost:{{WSPORT}};
75 listen *:{{WSSPORT}} ssl default_server;
76 server_name ~^(?<request_host>.*)$;
77 ssl_certificate {{SSLCERT}};
78 ssl_certificate_key {{SSLKEY}};
81 proxy_set_header Upgrade $http_upgrade;
82 proxy_set_header Connection "upgrade";
83 proxy_set_header Host $request_host:{{WSPORT}};
84 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
// nginxGatewayBooter holds the consul-template source (tmpl) for the gateway's
// nginx configuration; its Boot method writes that template to disk.
90 type nginxGatewayBooter struct {
// Boot prepares the nginx gateway's configuration. From the lines visible
// here it reads the Vault root token from cfg.DataDir, writes a
// consul-template config (Consul and Vault addresses) and the nginx template
// into cfg.DataDir, and describes a consul-template command that renders the
// template with VAULT_TOKEN set in its environment. The rest of the body is
// not visible in this excerpt.
94 func (ngb *nginxGatewayBooter) Boot(ctx context.Context) error {
// NOTE(review): this is the Vault *root* token. A token scoped by policy to
// the paths the template reads would limit what a compromised gateway
// process or a leaked environment can reach.
104 rootToken, err := ioutil.ReadFile(path.Join(cfg.DataDir, "vault-root-token.txt"))
109 cfgPath := path.Join(cfg.DataDir, "gateway.consul-template.hcl")
// The consul-template settings are written as JSON with mode 0600.
110 if err = atomicWriteJSON(cfgPath+".ctmpl", map[string]interface{}{
111 "consul": map[string]interface{}{
// NOTE(review): 0.0.0.0 is used as a destination address here; an explicit
// loopback address (127.0.0.1) would state the intent and behave the same
// across platforms -- confirm which host is meant.
112 "address": fmt.Sprintf("0.0.0.0:%d", cfg.Ports.ConsulHTTP),
114 "vault": map[string]string{
// NOTE(review): plain http:// means the Vault token is sent unencrypted;
// that is tolerable only if this connection never leaves the local host.
115 "address": fmt.Sprintf("http://0.0.0.0:%d", cfg.Ports.VaultServer),
117 }}, 0600); err != nil {
121 tmplPath := path.Join(cfg.DataDir, "gateway.nginx.conf")
// The template source is written with mode 0644. The visible template lines
// reference certificate and key placeholders only, not key material; the mode
// of the rendered tmplPath file is decided by consul-template and is not
// visible here.
122 if err = atomicWriteFile(tmplPath+".ctmpl", []byte(ngb.tmpl), 0644); err != nil {
132 cmd: path.Join(cfg.UsrDir, "bin", "consul-template"),
// NOTE(review): the settings above were written to cfgPath+".ctmpl", while
// -config points at cfgPath; the step that produces cfgPath is not visible
// in this excerpt -- confirm.
134 "-config=" + cfgPath,
135 "-template=" + tmplPath + ".ctmpl:" + tmplPath,
// NOTE(review): the root token is handed to the child through its
// environment, which other processes of the same user can typically read
// (e.g. /proc/<pid>/environ on Linux) and which child processes inherit.
139 env: map[string]string{
140 "VAULT_TOKEN": rootToken,